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Intelligent Access and Monitoring Architecture 



Goal 



Present a methodology and solution of leveraging 
access switching to overcome current and future 

Lawful Interception challenges 
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Introduction to Net Optics 



Customers 

• 85% of the Fortune 100 

• 52% of the Fortune 500 

• 7,500 Global Deployments 

Highlights 

• Founded in 1996, Private, Self-Funded 

• 60 Quarters of Growth & Profitability 

• Strong Management Team 

• Sales Offices in New York, Atlanta, Germany, 
China 

Go to Market Strategy 

• 30% Direct Sales 

• 25% OEM/Partner Relationship 

• 45% Global Channel 

Technology 

• Four new inventions each year 

• 20+ patents and patent pending applications 
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Cause and Effect 



Lawful Interception solutions have changed over time 
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Network must be designed for 
scalability & agility 



New Applications 

•VoIP 

• 4G/LTE 

• Video 



Network 

Complexity 







^Compliance 
Internal/External Intrusioi 
Lawful Interception 
Cybercrime 


L i 


r 

Security must be architected in, 
not a point solution 
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and Pain Points 



No visibility into the virtualized 

network 
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Explosive Growth 
CAPEX Improvements 
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Link Saturation 
Oversubscription 
10G 40G 100G 



Tools & instruments can’t keep up 
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Trends Affecting Lawful Interception 



Triple Play Networks, Increased bandwidth, advanced services 
driving new Lawful Interception design requirements 
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Network Operator’s 
Administration 
Function (AF) 
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IRI Mediation 
Function (MF) 
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Source: ETSI ES 201 158 
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Unique Operational Challenges With 10G 



Common Lawful Interception deployment challenges: 



Lack of Tools 

• Availability of 10G 
monitoring tools and 
10G security tools 

• Tools ability to operate 
at line rate with low 
latency 



Quality 

• Content classification 
as an example: It’s 
hard enough on 1G... 



Cost 

• New 10G tools (not 
the 10G network 
interface cards) 

• Leveraging existing 
investments of 1G 
tools 

• Cost of knowledge, 
migration, operations 
= TCO 



Source: Net Optics Customer Advisory Board 7/2010 
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Other Technical Challenges 



Jitter, Oversubscription and Blocking are more severe with 10G 
networks: 



Switching 

Oversubscription 


Latency and Jitter 


• If the queue exceeds the 


• At any time, only one 


size of the physical 


packet can be 


hardware buffer, packets 


transmitted from each 


are dropped 


physical output port of a 
switch 




• Resource contention 




might happen when two 
packets arrive from 
separate input ports to 
the same output port 
(e.g. uplink) at about the 
same time 
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Microburst 



Even at low traffic, when average traffic is low, head of line blocking 
phenomenon (“oversubscription” ) causes queuing -> short periods 
where the instantaneous bandwidth can reach maximum utilization 
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Oversubscription 
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Source: Cisco 
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Total Visibility Across Your Entire Network 



Data Center 
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The Visibility Challenge In The Hybrid Data Center 



A 

Virtualization Creates 
Security, Monitoring and 
Compliance Risks 

• No visibility into traffic, 
vulnerabilities and threats 

• Data passing between servers not 
captured for auditing 

• Resource utilization can pinpoint 
source of issues 



ESX Virtual Stack 
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Goal: Increasing 




Enables Security, 
Performance Monitoring and 
Compliance 



r 

• 1 00% visibility of inter-VM traffic 

• Bridge virtual traffic to physical 
tools 

• Eliminate barriers to virtualization 

• Achieve security and compliance 
standards in a virtualized 
environment 
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Extending Wire Capabilities 



ESX Virtual Stack with 
Phantom Installed 
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What Customers Want 



Meet Lawful interception challenges in high capacity networks 

But how? 
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The LI Foundation: Reliable Copy 
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To do it right, 
you need: 

- Reliability 
-Accuracy 

- 1 00% of the Data 
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Source: ETSI TR 101 943 Concepts of Interception in a Generic Network Architecture 
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Current Approach Is Not Scalable 



Invest in new systems capable to handle 10G/40G/100G 

- Packet duplication add burden on the network 




Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN 
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The Solution: Leveraging Access Switching 



Leveraging Access Switching 

- Packet duplication does not burden on the network 



AAA 




Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN 
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Access Switching: Do More With Less 



10/40/100 Load Balancing 

- Share the load between multiple tools 

- Centralized intelligence for more endpoint 

- Leverage existing / cheap / 1 G tools 

- Plan for growth 

Pre-filter with DPI to detect desired traffic on any port 

- Pre-filtering is a mature technology 

- DPI allows to identify data of interest and forward to the monitoring/ 
recording tool 

GRE tunneling 

- Distribute the collection infrastructure 

Cloud Monitoring 

- Inter-VM and cloud based monitoring 

Any type of media 

- Fiber, copper or both 
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Summary 



Modern and advanced Access switching technology 
provides the scalable solution to meet Lawful Interception 
challenges in high capacity networks by focusing on 
improving collection infrastructure. 
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Net Optics, Inc. 
www. n eto ptics.com 
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